An Examination of Cybercrime and Cybercrime Research Selfcontrol and Routine

An Examination of Cybercrime and Cybercrime Research: Self-control and Routine
Activity Theory
Katherine M. Grzybowski
Arizona State University
1 March 2012
Cybercrime 1
TABLE OF CONTENTS
1. ABSTRACT .....................................................................................................3
2. INTRODUCTION...........................................................................................4
3. A REVIEW OF CYBERCRIME ...................................................................6
3.1 Cybercrime Legislation ............................................................................7
3.1.1
Federal Laws .................................................................................7
3.1.2
State Laws ......................................................................................9
3.2 Cybercrime Law Enforcement Agencies ................................................11

3.3 Classifying Cybercrime ............................................................................16
3.4 National Levels of Cybercrime ................................................................19
3.4.1
Business Cyber Victimization ......................................................20
3.4.2
Individual Cyber Victimization ...................................................22
4. A REVIEW OF THEORIES..........................................................................26
4.1 Self-control Theory ...................................................................................27
4.2 Routine Activity Theory ...........................................................................33
5. AREAS FOR FUTURE RESEARCH ...........................................................38
6. CONCLUSION ...............................................................................................44
7. ACKNOWLEDGEMENTS ...........................................................................45
8. REFERENCES ................................................................................................46
Cybercrime 2
ABSTRACT
This paper provides an overview of the growing cybercrime problem and reviews
two criminological theories that have been applied to the study of cybercrime and
cybercrime victimization. Legislation which defines cybercrimes, establishes jurisdiction,
and provides the legal base for prosecuting such crimes has been developed at both the
federal and state level. Many federal law enforcement agencies have departments that
attempt to combat a broad range of computer crimes from computer intrusions to
intellectual property theft. This paper also reviews various definitions of cybercrimes and
classifies these crimes into three general categories. It then goes on to examine the
current level of cybercrime victimization for both businesses and individuals in the
United States. Cyber victimization has affected many individuals and businesses in the
United States and this problem seems to have increased as the use of computers and the
internet increased over the last decade. After reviewing the current level of cybercrime in
the United States this paper examines the application of self-control and routine activity
theory to the study of cybercrime. Both of these theories can be applied to the study of
computer crime and victimization. Finally this paper concludes with some suggestions for
areas of future research.
Cybercrime 3
INTRODUCTION
In 1969, the first message, login, was sent over ARPANET, the predecessor of
todays internet (Kleinrock, 2008). ARPANET was designed as a communication system
that would allow researchers to access information from other researchers computers
around the country, therefore allowing information to flow more freely (Kleinrock,
2008). From this humble beginning the internet has expanded far beyond the expectations
of the individuals who created it. According to Kleirock (2008), one of chief scientists
on the ARPANET, What I clearly missed was the fact that my 99-year-old mother (now
deceased) would be on the Internet; that is, I did not foresee the powerful community side
of the Internet and its impact on every aspect of our society. Computers and the internet
have become intertwined into our daily lives.
One reason why individuals use the internet is because they can gather and share
information with other individuals no matter where on the globe they are located. This
advancement in the way individuals can communicate with one another, as well as the
decreasing cost and size of computers, are some of the reasons why internet use has
grown so rapidly. Today, the top three websites Google, Microsoft, and Facebook each
have over 300 million unique users (Nielson ratings, 2011). The internet allows
individuals to easily find information, stay in touch with others, and has even resulted in
new ways to conduct business. Peoples use of the internet and computers continues to
grow as more and more people have access to this technology. However, while this new
technology has brought with it many advancements which make our lives easier, it has
also led to advancements in crime.
Cybercrime 4
The growth of the internet has also resulted in the creation and growth of
cybercrime. The internet can help put offenders in contact with victims. Also, it provides
individuals with the means of committing various cybercrimes. The growing threat of
cybercrime and cybercrime victimization has resulted in President Obama appointing a
Cyber Czar, someone who will oversee the defense of military computers and the
development of offensive tactics in order to combat the growing threat of cyber warfare
(Siobhan & Yochi, 2009). The President recently said, Cybersecurity is not an end unto
itself; it is instead an obligation that our governments and societies must take on
willingly, to ensure that innovation continues to flourish, drive markets, and improve
lives. (U.S. Department of Homeland Security, 2011) Cybercrime is a major issue facing
society today, requiring law makers and law enforcement agencies to take action. This
issue can have a major impact on governments, businesses, and individuals and thus
deserves the attention of researchers.
The growing problem of cybercrime is an important issue facing researchers
today. The number of internet users has grown exponentially over the last twenty years.
However, it is really only in the last decade that researchers have really begun to study
the problem. The purpose of this paper is to take a look at areas related to cybercrime
today and to review criminological theories that have been applied to the study of
cybercrime. Our society is a little over two decades into the digital age, and our
understanding of cybercrime is constantly changing; by looking at our understanding of
cybercrime and cyber victimization today we can gain a better understanding of what we
already know and, more importantly, what areas still need to be addressed.
Cybercrime 5
In this examination I will review current legislation on cybercrime, current law

enforcement responses to cybercrime, and classify different forms of cybercrime. Then I
provide a look at the levels of cybercrime in the United States to determine the
importance of studying cybercrime. This paper will then evaluate current cybercrime
research that has been conducted using self-control and routine activity theory, which are
the two criminological theories that have been applied most frequently to the study of
cybercrime. Finally, my study suggests areas were future cybercrime research is needed.
This composition will help shed light on what we know today about this type of crime
and victimization, which will help us gain a better understanding of where we need to go
in the future.
A REVIEW OF CYBERCRIME
Before examining different criminological theories that have been applied to the
study of cybercrime it is helpful to better understand cybercrime. It is useful to
understand what type of legislation has been passed to help define what cybercrime is and
under whose jurisdiction a cybercrime falls. This information helps us gain a better
understanding of cybercrime and the categories of crimes that fall under the label of
cybercrime. Along with examining cybercrime legislation, it is also important to study
the entities that enforce and combat this problem. Understanding cyber law enforcement
gives insight into how the problem is being addressed and thus a better understanding of
the problem. Finally, it is important to have an idea of the true extent of the problem by
examining the levels of cybercrime among businesses and individuals. This information
will demonstrate the need for research into this growing problem.
Cybercrime 6
Cybercrime Legislation
The widespread use of computers and the internet has led to new and expanded
forms of crime, resulting in the need for new legislation. These new types of crime have
left governments and law enforcement agencies with many questions. How does one
define what cyber activities are legal and what activities are illegal? How does one
enforce cyber laws when the relationship between the victim and the offender is often
purely virtual? The internet allows people to interact with each other across borders, so
whose jurisdiction is it? The Federal Government and the various state governments
have all attempted to address these issues. This paper will briefly address some federal
and state laws that have been created to deal with cybercrimes.
Federal Law
In order to combat the growing cybercrime problem, the United States
government has established laws to deal with many cybercrimes including, but not
limited to, computer intrusions, cyber-terrorism, and copyright infringements. These
crimes encompass three domains of victims the government, the business, and the
individual. The purpose of these laws is to help define what computer activity is and is
not illegal. These laws also establish under whose jurisdiction various offenses fall. This
section will provide a brief overview of Federal law concerning three specific types of
cybercrime: computer intrusions, terrorism, and copyright infringement.
The Federal government has developed laws to deal with many cybercrime issues
including computer intrusions. Individuals, businesses, and the government can all be
victimized by cyber intrusions. The federal law that deals with computer intrusions,
which includes crimes such as hacking, viruses, and malware, comes primarily from Title
Cybercrime 7
18 U.S. Code 1030 (Brenner, 2004). This law defines computer intrusions as an illegal
computer activity. In order to fall under this federal law, the computer being intruded
must fall under federal jurisdiction, which means that the computer must be used by
either a financial institution or government agency or be used in interstate or foreign
commerce (Brenner, 2004). This helps alleviate questions of jurisdiction by defining the
types of computers that fall under federal jurisdiction. Federal jurisdiction for
prosecuting computer intrusions against computers used by the government and financial
institutions comes from Title 18 U.S. Code 1030.
Another cybercrime issue that has been addressed by Federal law is cyberterrorism. Federal cybercrime law dealing with terrorism is based primarily in Title 18
U.S. Code 2331. Under title 18, terrorism is defined as acts dangerous to human life
that violate the criminal laws of the United States; (b) appear to be intended to intimidate
of coerce a civilian populationoccur primarily within the territorial jurisdiction of the
United States(Brenner, 2004). Terrorists can use computers to perform acts which
might be harmful or intimidate individuals and when this is the case, the Federal
government has jurisdiction. According to Gordon and Ford, computers can perform
important functions for terrorists above and beyond being potential targets (2002).
Terrorists computer usage is an important issue facing governments around the world.
Terrorism is an important issue facing governments today and under United States
Federal law, cyber-terrorism falls under the jurisdiction of the Federal government.
The United States government has also developed laws to deal with issues of
copyright infringement. Federal copyright law can be found in several statutes. Title 18
U.S. Code 2319, makes it a crime for someone willfully to infringe a copyright (a) for
Cybercrime 8
purposes of commercial advantage or private financial gain. (Brenner, 2004) This law
establishes that copyright infringement falls under the Federal governments jurisdiction.
The Digital Millennium Copyright Act makes it illegal to circumvent measures used to
protect copyrighted worksto tamper with copyright management information
(Brenner, 2004) Computers have made it easier to engage in acts that violate copyright
law, such as illegally downloading music and software. This law makes acts that violate
copyright law illegal and gives the Federal government jurisdiction for the investigation
and prosecution of this crime.
In summary, laws are ever-changing and are developed to address current issues
facing governments or organizations. The development and growth of computer crimes
over the last twenty years has necessitated the Federal government to address issues
related to cyber intrusion, terrorism, and the violation of copyright law. These types of
crime fall under the Federal governments jurisdiction to investigate and prosecute. As
cybercrime continues to grow, there may be a need for new laws to be developed to
address the problems that computer usage presents.
State Law
Each state has its own cybercrime legislation defining what is and is not
considered a cybercrime, making it difficult to comprehensively review current state level
laws dealing with cybercrime. State governments have developed different laws to deal
with many cybercrime issues including, but not limited to, computer intrusions and
computer fraud. This section will provide a brief overview of state laws dealing with
these two types of cybercrimes.
Cybercrime 9
One cybercrime issue that states have addressed is cyber intrusions that occur on
computers that are not used by the government or financial institutions. Both businesses
and individuals can be potential targets for cyber intrusions. According to Brenner, all
states have some provision which prohibit computer intrusions such as hacking; however,
states have varying definitions of what defines simple hacking (2004). While lawmakers
realize the dangers of computer intrusions, they do not agree on what constitutes
computer intrusions. Brenner defines simple hacking as, unauthorized access to a
computer or computer system (2004). However, according to the Arizona Revised
Statutes 13-2316 this is called computer tampering and involves, Accessing, altering,
damaging or destroying any computer, computer system or network. States can have
varying ideas as to what to include under the definition of computer intrusions. Each state has
made decisions about what to include in legislation aimed at defining and combating cybercrime.
Another cybercrime issue that states have needed to address is computer fraud, which can
affect both businesses and individuals. Like computer intrusions, lawmakers have differed on
how they define and classify computer fraud. A few states make this type of fraud its own crime
(Brenner, 2004). These states view computer fraud as its own type of offense separate from other
types of fraud and other computer crimes. Other states, according to Brenner simply include
using a computer to commit fraud in their basic aggravated hacking statute. (2004) These states
include various cybercrimes under one statute or offense category. Various states have taken
different positions on how to define and classify cyber fraud.
In conclusion, the development and growth of cybercrimes in recent years have

necessitated the various individual state governments in the United States to create laws
addressing issues related to cyber intrusion and fraud. These types of crime fall under
individual state governments jurisdiction to investigate and prosecute. While the laws
Cybercrime 10
between states differ, legislators in every state recognize cybercrime legislation as an

important issue which needs to be addressed.
Whether it is at the state or at the federal level, legislator across the United States
have developed legislation to address various types of cybercrime. These laws help to
define offenses and allow law enforcement agencies jurisdiction to combat these crimes.
This section has briefly reviewed a few types of legislation that has been passed in
response to the growing threat of cybercrime and cybercrime victimization. Next, this
paper will examine various government agencies at the federal level, which are actively
combating this growing threat, under the jurisdiction granted them by cybercrime
legislation.
Cybercrime Law Enforcement Agencies
Once cyber activities are defined as legal or illegal and jurisdiction is established,
law enforcement agencies can attempt to combat cybercrimes. The United States has
taken many initiatives to fight cybercrime, both at the federal and at the state level. There
are many state and local law enforcement agencies who are trying to combat cybercrime
for their local population. Because of the scope of this paper, however, I will only focus
on federal law enforcement agencies whose efforts are directed at a larger population.
The United States Secret Service, the Department of Homeland Security, the Federal
Bureau of Investigation (FBI), and several other government agencies have divisions that
focus on cybercrimes. These divisions, along with many private organizations, work in
conjunction to protect the public and the critical infrastructure of the United States by
working to prevent, detect, and stop cybercrime. These agencies provide information to
the public on how to protect oneself and ones family from cybercrime. Many of these
Cybercrime 11
agencies also allow victims to report incidents of cybercrime. These agencies work
together and with other groups in order to combat the rising number of cybercrimes.
In 2001, the USA Patriot Act was signed into law. It contained the provision that
the Director of the United States Secret Service create, a national network of electronic
crime task forces for the purpose of preventing, detecting, and investigating various
forms of electronic crimes, including potential terrorist attacks against critical
infrastructure and financial payments systems. (USA patriot act, Sec. 105, 2001)
After September 11th the United States government felt the need to create an organization
to combat the rising threat of terrorism and cyber-terrorism. To date the Secret Service
has created 25 electronic task forces across the nation (United States Secret Service,
2011). These task forces consist of law enforcement agents, lawyers, private businesses
people, and academics (United States Secret Service, 2011). The Secret Service focuses
mainly on large cybercrimes which could affect infrastructure and financial institutions in
the United States and has been expanding its efforts to combat these crimes (for more
information visit www.secretservice.gov/ectf.shtml).
The Department of Homeland Security (DHS) has a National Cyber Security
Division whose mission is to work collaboratively with public, private, and international
entities to secure cyberspace and Americas cyber assets (2011). The DHS is focused on
protecting not only the government, but also individuals from cyber threats. The DHS
Cyber Security Division is organized into three parts: the National Cyberspace Response
System, Federal Network Security, and Cyber-risk Management Programs (2011). These
separate divisions better enable the DHS to fulfill its goal of protecting cyberspace.
Cybercrime 12
One of the three DHS cyber security divisions is the National Cyberspace
Response System. This system posts information about the current threats that exist on
the internet to the DHS website, where the information is available to anyone who
interested (U.S. Department of Homeland Security, 2011). If people are more aware of
the risks they can possible avoid situations that put them in danger of being victimized by
cybercrime. This response system also coordinates responses to cybercrime and allows
different law enforcement agencies to share information and collaborate in their efforts to
combat cybercrime (U.S. DHS, 2011). This coordination is important in efforts to combat
cybercrime because resources can be used more efficiently. The DHS also runs the
Federal Network Security branch which coordinates federal cyber infrastructure
security (2011). This enables the Department of Homeland Security to better protect
infrastructure (for more information on the Department of Homeland Security visit
www.dhs.gov/xabout/structure/editorial_0839.shtm).
The Department of Homeland Security also runs the Cyber-risk Management
Program. In October, the DHS hosts the National Cyber Security Awareness Month,
which is designed to educated people about the risks of using the internet (2011). They
also have a campaign called Stop.Think.Connect. The campaign advises people to stop
before using the internet and think about the risks present on the internet. People then
need to think about their actions on the internet and whether they might put one at risk of
becoming a victim. And finally individuals can connect knowing that they are aware of
the risks and have taken steps necessary to protect themselves (U.S. DHS, 2011). The
DHS believes that the more educated someone is about cybercrime, the better able he will
Cybercrime 13
be able to protect himself (for more information on DHS educational activities visit
www.dhs.gov/files/cybersecurity.shtm).
The FBI focuses on three types of cybercrime. One of these is computer
intrusions. Computer intrusions include viruses, spyware, hacking, and other cybercrimes
in which the computer is the target (The FBI, 2011). The FBI focuses on computer
intrusions because of the huge financial and security threat posed by these intrusions.
Cybercrimes in which the computer is the target poses a threat to national security by
rendering critical infrastructure compromised. The financial cost to repair systems that
have been victimized by computer intrusions can be in the billions (The FBI, 2011). The
FBI fights computer intrusions through special task forces and collaboration with other
government and private agencies (2011). Victims of cyber intrusions can report incidents
through the FBIs Internet Crime Complaint Center. The FBI views cyber intrusions as
one of the three cybercrimes that they feel the need to combat.
Another main focus of the FBI Cybercrime division is targeting online child
pornography. The FBI runs the Innocent Images National Initiative which is a program
designed to combat the proliferation of child pornography/child sexual exploitation
(CP/CSE) facilitated by an online computer. (2011) The FBI recognizes the growing
threat of online child pornography that has resulted from the expansion of computer and
internet usage. The FBI is combating child pornography through undercover investigation
of websites, chat rooms, peer-to-peer networks, and other online locations likely to
harbor pedophiles. FBI agents assume fake identities and enter these online locations in a
hope to communicate with suspects and gather evidence of illegal activity (2011). By
posing as potential targets, FBI agents hope to identify online predators before they can
Cybercrime 14
harm anyone. Victims and their families can report child pornography/child sexual
exploitation online through www.cybertipline.com. The cyber tip line is run by the
National Center for Missing and Exploited Children, which then forwards these tips to
the FBI (2011). The FBI is currently taking steps to combat online child pornography.
A third focus of the FBI is on intellectual property theft. Intellectual property theft
is the illegal obtaining of copyrighted or patented material, trade secrets, or
trademarksusually by electronic copying. (Rantala, 2008) Illegal copyright
infringement and theft can cause copyright owners to lose billions of dollars in lost
revenue (The FBI, 2011). Computers, in many ways, have made it easier to circumvent
copyright laws and have made it easier to illegally gain access to trade secrets. The FBI
(2011) especially focuses on the theft of trade secrets and infringements on products that
can impact consumers health and safety, such as counterfeit aircraft, car, and electronic
parts. Fake products can be dangerous to everyone and because these products are often
traded across borders, it falls under the Federal governments jurisdiction to investigate.
They combat intellectual property theft through targeted operations and collaboration
with other government and private agencies (The FBI, 2011). The digital age has brought
with it technology which facilitates intellectual property theft, and this growing problem
has become a major concern for the FBI.
The Federal Bureau of Investigations also partners with the National White Collar
Crime Center to run the Internet Crime Complaint Center (IC3). The Internet Crime
Complaint Center is a tool for victims or third parties to report incidents of cybercrime.
IC3 then takes these complaints and refers them to federal, state, local, or international
law enforcement and/or regulatory agencies for any investigation they deem to be
Cybercrime 15
appropriate. (The FBI, 2011) Victims of any kind of cybercrime can file a report with
the Internet Crime Complaint Center. The IC3 provides one convenient location for
reporting cybercrimes (for more information visit www.ic3.gov/default.aspx.)
In conclusion, various federal law enforcement agencies are working to combat
cybercrime today. The Secret Service, the Department of Homeland Security, the Federal
Bureau of Investigation, and the Internet Crime Complaint Center provide educational
information on their websites on how to protect oneself from online victimization as well
as more information on their investigations. The Secret Service mainly is concerned with
protecting infrastructure. The DHS mainly focuses on coordination between law
enforcement agencies and educating the public on the dangers of cybercrime. The FBI
investigates computer intrusions, online child pornography, and intellectual property
theft. The Internet Crime Complaint Center is partly run by the FBI and allows victims to
report incidents of cyber victimization. The IC3 then funnels these complaints to the
appropriate agencies for investigation. These agencies are working together to address the
growing threat of cybercrime. But how do we classify what crimes fall under the category
of cybercrime? In the next section this paper will identify a way to classify the various
crimes that fall under cybercrime.
Classifying Cybercrimes
This paper has reviewed current cybercrime legislation and agencies that are
working to combat this growing problem; however this paper has not given a precise
definition of what types of crime fall under the category of cybercrime. If we are going to
study cybercrime, it is important to have an understanding of how cybercrimes are
classified. This next section will provide a brief overview of how to classify cybercrimes.
Cybercrime 16
There are many crimes that fall under the label cybercrime such as hacking,
denial of service, software piracy, online pornography, and several others, making it
difficult study cybercrime. Researchers have disagreed about how cybercrimes should be
classified. In general cybercrimes fit into three categories. There are crimes where
another computer is the focus of a crime (Brenner, 2004). There are crimes where a
computer is used to perpetrate a crime (Brenner, 2004). And there are crimes where a
computer is an incidental aspect of the commission of the crime (Brenner, 2004).
These three general categories will be the basis of the classification of various
cybercrimes in this paper.
Various cyber threats fall under the category of crimes where the computer is the
focus of the crime (Brenner, 2004). When the computer is the focus of the crime
individuals are targeting the computer and the information on the computer. One crime
that falls under this category is hacking. Hacking is generally defined as accessing or
gaining access to a computer without the authorization of the owner (Brenner, 2004).
Unauthorized access unto a computer is the result of an individual using one computer to
target another computer. Cyber-attacks also fall under this category. According to the
Bureau of Justice Statistics cyber-attacks consists of computer viruses (including worms
and Trojan horses), denial of service attacks, and electronic vandalism or sabotage
(Rantala, 2008). A denial of service attack is where a persons connection to the internet
or e-mail is either disrupted or completely shut down (Rantala, 2008). This type of attack
is aimed at the destruction of the computer and often results in the complete destruction
of the computer and the data on the computer. Crimes that fall under this category of
cybercrime are new crimes because computers present new and different kind of victim.
Cybercrime 17
When the computer is the focus of the crime, the criminal activity is designed to penetrate
another computer with the intention of obtaining the information from that computer,
taking over control of the computer, or destroying the software necessary for the
computer to operate.
The second category of cybercrimes deals with crimes that occur when an
individual uses the computer as a tool to commit a crime. Examples of crimes in which
the computer is the tool used to commit a crime include child pornography, online
stalking, and other crimes in which the computer makes it possible for the crime to occur
(Brenner, 2004). These types of crimes are not in essence new. Most of these crimes exist
in some form in the terrestrial world. The only difference is that the medium for
committing the crime has changed. Cyber thefts also fall under this category. According
to the Bureau of Justice Statistics cyber theft comprises crimes in which a computer is
used to steal money or other things of valueincludes embezzlement, fraud, theft of
intellectual property, and theft of personal or financial data. (Rantala, 2008) One type of
intellectual property theft is software piracy which is the illegal copying of
commercially available software so the individual may avoid fees or the unauthorized
copying of an organizations internally developed software for personal use or
distribution (Straub & Collins, 1990). Theft of intellectual property existed before the
advent of computers and the internet; however, using the computer as a means to commit
intellectual property theft is new.
The third category of cybercrimes are crimes where the computer is merely
auxiliary to the commission of a crime (Brenner, 2004). This means that an individual
used the computer as part of his crime, but the crime itself was not related to the use of
Cybercrime 18
the computer. For example, if a burglar uses the computer to print off directions to his
targeted house, the computer itself is not used to commit the crime; it is just used to help
the individual commit the crime. This is a new type of crime because before the creation
of the computer or the internet it would be impossible for a computer to be auxiliary to
the commission of a crime. While this category of cybercrimes represents a new type of
crime very little attention is paid to these types of cybercrimes.
The crimes that fall under the category of cybercrime can be better understood
if they are broken down into three general categories: crimes against computers, crimes
using computers as a tool, and crimes where the computer is incidental to the commission
of a crime (Brenner, 2004). Crimes against computers and crimes where the computer is
used incidental to the commission of a crime represent new crimes that did not exist
before the creation of the computer and the internet. Crimes where the computer is used
as a tool to commit the crime are traditional crimes that have been modified as the use of
computers has grown. Most research focuses on cybercrimes where the computer or the
internet is the tool used to commit the crime or on crimes against computers. When
referring to cybercrime in this paper, cybercrimes will include all crimes that fall under
these two cybercrime categories. Now that we understand what kinds of crimes fall under
the banner of cybercrime we can examine the level of cybercrime and cybercrime
victimization in the United States. This will help us understand the scope of the problem.
National Levels of Cybercrime
As discussed above, the development of the internet has led to the development of
new types of crimes and new ways to commit crimes, but how prevalent is internet crime
in todays world? The Bureau of Justice Statistics (BJS), a department of the U.S.
Cybercrime 19
Department of Justice, has conducted a national survey of businesses to determine, the

prevalence of computer security incidents. (Rantala, 2008) The 2005 National
Computer Security Survey provides a good measure of the level of business cybercrime
victimization in the United States. The Internet Crime Complaint Center (IC3), a
partnership between the FBI and the National White Collar Crime Center publishes
annual reports for the nation, as well as annual reports for each state, which detail the
type, number, and characteristics of complaints received by the IC3 (The FBI, 2010).
Information from the 2010 IC3 report provides a good measure of the level of individual
cybercrime victimization in the United States. The national reports of the Bureau of
Justice Statistics and the Internet Crime Complaint Center provide information on
national computer crime levels.
Business Cyber Victimization
In 2005, the Bureau of Justice Statistics conducted the National Computer
Security Survey which sampled 7,818 businesses, from thirty-six different industries, to
determine the pervasiveness of cybercrime incidents (Rantala, 2008). It is important to
understand the extent of cybercrime victimizations among U.S. businesses so businesses
and law enforcement agencies can work together to protect our economy. Cybercrime
incidents included crimes such as cyber-attacks which include viruses and denial of
service attacks, cyber-thefts which includes crimes such as fraud and theft of intellectual
property, and other incidents such as spyware and hacking (Rantala, 2008). Of the 7,818
businesses surveyed sixty-seven percent detected at least one cybercrime in 2005.
(Rantala, 2008) Many U.S. businesses, both small and large, are being victimized by
computer crimes.
Cybercrime 20
This survey also found that there were more than 22 million cybercrime incidents
which resulted in a total financial loss of $867 million (Rantala, 2008). This is a large
sum of money that businesses are losing as a result of computer crimes. These companies
are losing money that they could be using to grow their business and the American
economy. The large financial loss from cybercrimes poses a threat not only to businesses,
but also to local, national, and global economies. The National Computer Security Survey
found that there are high rates of computer victimization among business and that these
crimes are causing businesses to lose millions of dollars.
In 2005, the Bureau of Justice Statistics also looked at the level at which
businesses reported being victims of computer crime. Of those businesses that detected a
security incident, only about fifteen percent reported the incident to a law enforcement
agency (Rantala, 2008). The lack of communication between businesses and law
enforcement agencies can impede law enforcement in their efforts to combat computer
crime. If law enforcement does not know the true extent of a problem it will be difficult
to obtain the necessary resources to combat the problem. Businesses who did not report a
cyber-incident to law enforcement gave several reasons for doing so including that they
believed that they would not gain anything by reporting it, they did not know who to
report the incident to, and they believed that the incident was outside the jurisdiction of
law enforcement (Rantala, 2008). Law enforcement can use these responses to educate
businesses about the importance of reporting incidents and to improve the reporting
process so businesses feel that they can report cyber-incidents. Despite the level of
cybercrime victimization among business, very few businesses reported this victimization
to any form of law enforcement agency.
Cybercrime 21
The National Computer Security Survey also asked businesses about the identity,
if known, of the perpetrator. The study found that about seventy-five percent of cyber
thefts, which include crimes such as fraud, embezzlement, and theft of intellectual
property, were perpetrated by insiders in the business (Rantala, 2008). This suggests that
companies need to improve their internal computer security and monitor their employees
to reduce their victimization from cyber-thefts. However, seventy percent of cyberattacks perpetrated against businesses were committed by individuals outside of the
company (Rantala, 2008). This suggests that companies should focus on increasing their
external computer security from cyber-attacks committed by outsiders. In conclusion,
who is participating in acts of computer crimes against businesses, insiders or outsiders,
depends on the type of crime being committed and businesses need to increase the
security on their computers, both inside and outside.
In sum, cybercrime victimization is very prevalent among businesses both large
and small. This victimization is perpetrated by both insiders and outsiders and results in
large financial losses for businesses. However, despite the high levels of victimization
very few businesses report this victimization to law enforcement agencies. This can
inhibit law enforcement from obtaining the resources necessary to combat cybercrimes.
Cybercrime victimization is very prevalent among businesses, as well as among
individuals.
Individual Cyber Victimization
Victims of cybercrime can report incidents of cybercrime victimization to the
Internet Crime Complaint Center (IC3). The IC3 then takes these complaints and funnels
them to the appropriate federal agencies for investigation (The FBI, 2010). This makes it
Cybercrime 22
easy for victims because they can report to one agency that can then send these reports to
the appropriate organization for investigation rather than trying to figure out which
agency investigates this type of incident. Every year the Internet Crime Complaint Center
publishes a report detailing the number and type of incidents reported as well as the
characteristics of the victims and perpetrators (The FBI, 2010). Although these reports
only provide information about incidents reported to the IC3, the information in these
reports still provide a valuable look into the prevalence of internet crime and
victimization in the United States.
The IC3 tracks the number of complaints that it receives each year, providing a
picture of the rate of cybercrime victimization in the U.S. In 2000, when the Internet
Crime Complaint Center first opened it received about 17,000 complaints. In 2010, the
number of complaints per year had risen to over 300,000 (The FBI). This is a 1,664.7
percent increase over a ten year period. There are many possibilities for this increase. For
one thing it is possible that more people know about the Internet Crime Complaint Center
today and therefore use the service more than in 2000. This increase could also be the
result of increases in levels of cybercrime over the decade. Or it could be a combination
of both. During 2010, the top ten crimes reported to the IC3 were: the non-delivery of
payment or merchandise, FBI-related scams, identity theft, computer crimes,
miscellaneous fraud, advance fee fraud, spam, auction fraud, credit card fraud, and
overpayment fraud (The FBI). This information can provide law enforcement agencies
with an idea of what types of computer crime they should focus their efforts. The 2010
Internet Crime Complaint report shows that the number of incidents reported to the IC3
Cybercrime 23
has increased over the last 10 years and also details the most common crime complaints
from 2010.
The annual report of the Internet Crime Complaint Center also reports on the
demographic characteristics of victims and offenders. According to the IC3, in 2010
most complainants were in the U.S., male, between 40 and 49, and a resident of
California, Florida, Texas, and New York. (The FBI) These characteristics suggest that
there may be certain types of people or geographic areas that are more at risk for
victimization. Men, between 40 and 49, may be more at risk for victimization because
they are more likely to be involved in business and therefore provide an attractive target.
This information is valuable to law enforcement agencies and policy makers because they
can concentrate personnel and prevention programs on these particular problem areas. In
2010, males reported more incidents of victimization than females (The FBI). According
to the IC3, in 2010 men reported greater dollar losses than women (at a ratio of $1.25 to
every $1.00). (The FBI) Not only are males more likely to report incidents of computer
victimization, but males also report higher levels of monetary loss from victimization
than females. The Internet Crime Complaint Center provides information on the
demographic features of complainants which can be used to identify common
characteristics of cybercrime victims.
The Internet Crime Complaint Center also provides information on demographic
characteristics of perpetrators when complainants knew the offender. In 2010, known
offenders were mostly male more than half resided in California, Florida, New York,
Texas, the District of Columbia, or Washington. (The FBI) California, Florida, New
York, and Texas are also the same states where most complainants resided. This overlap
Cybercrime 24
between victims and offenders can partially be explained by the fact that these states have
the largest populations in the United States. Not only are males more likely to report an
incident of cybercrime victimization, but males are more likely to be the perpetrators in
cases where the perpetrator is known. Almost fifty percent of perpetrators reported to the
IC3 are residing in the United States (The FBI, 2010). Individuals in the United States
face as much of a threat of being victimized by cybercrime from the inside as they do
from the outside. According to the Internet Crime Complaint Centers 2010 report, in
cases where the perpetrator is known and resides in a foreign country, most offenders
came from the United Kingdom, Nigeria, and Canada. This information can help
governments work together to better combat the problem of cybercrime. The annual IC3
report provides information of the characteristics of known offenders which can be useful
in trying to combat the rising rates of cybercrime.
In conclusion, the internet has changed the way the world does business and how
individuals run their lives. However, the advent of this new technology has resulted in a
new way for offenders to commit crimes. But how prevalent is internet crime in our
society today? The Bureau of Justice Statistics found that in 2005 sixty-seven percent of
business had detected at least one cybercrime incident (Rantala, 2008). Cybercrime is a
major problem facing Americas businesses. The number of cybercrime incidents
reported Internet Crime Complaint Center has drastically increased over the last decade
(The FBI, 2010). This suggests that not only is cybercrime a major issue facing
businesses, but it also poses a major problem for individuals as well. The increasing
number of cybercrime incidents among businesses and individuals suggests that
cybercrime will be an important field of study as we move into the future. Some have
Cybercrime 25
already begun studying the causes of cybercrime and cybercrime victimization in hopes
that their work may lead to a better understanding of the problem and methods to prevent
further incidents.
A REVIEW OF THEORIES
Now that we have reviewed several aspects of computer crime including current
legislation, law enforcement, and the prevalence of computer crime, this paper will
review crime theories that have been applied to the study of cybercrime. Over the past
two hundred years many theories have been developed in an attempt to explain why
crimes occur. Some of these theories, like self-control theory and routine activity theory,
have been applied to the study of cybercrime. These theories focus on the individual level
characteristics in individuals or the situations they are in that increase the chances of a
crime occurring. The study of cybercrime will become more and more important as we
look for solutions to this growing problem. This section will review the different theories
and their empirical studies which have been applied to the study of cybercrime.
Before examining the different theories that have been applied to the study of
cybercrime it is helpful to understand the different schools of criminological thought. In
criminology the two main schools of thought are the classical school and the positivist
school. Classical theorists believe that people are rational and that they commit crimes
through their own free will in order to satisfy their own self- interest (Cullen & Agnew,
2006). According to classical theorists people will not participate in crime if they know
what the punishment will be, they know that it will be delivered rapidly, and they know
that punishment is certain because when this occurs the consequences from committing
the crime outweigh the benefits an individual would have received from a crime (Cullen
Cybercrime 26
& Agnew, 2006). People rationally choose to participate in criminal acts; in order to
prevent these acts from occurring people need to know that consequences will outweigh
the benefits. If people believe that the consequences outweigh the benefits then they will
freely choose not to participate in the criminal behavior. On the other hand the positive
school of criminology believes that individuals participate in crime because of forces
beyond individual control and relies on the scientific method to prove its theories (Cullen
& Agnew, 2006). Individuals should not be held solely responsible for their actions
because not everyone is rational. Outside factors can play an important part in
determining ones participation in crime. Now that we have examined the two most
dominant schools of criminological theory we can examine how two theories, selfcontrol and routine activity, have been applied to the study of cybercrime and cybercrime
victimization.
Self-Control Theory
One general crime theory that has been applied to the study of cybercrime is selfcontrol theory. Self-control theory was first proposed by Travis Hirschi and Michael
Gottfredson in their 1990 publication A General Theory of Crime. Self-control theory
believes that criminal motivation is rampant, but that people act on this motivation only
when they possess low self-control (Cullen & Agnew, 2006). This paper will discuss the
basic elements of self-control theory, as well as research that has provided evidence to
support the validity of this theory. Then this section will review empirical studies that
have applied self-control theory to the study of cybercrime and cyber victimization and
will discuss the benefits of applying this theory to the study of cybercrime.
Cybercrime 27
In their book, A General Theory of Crime, Travis Hirschi and Michael

Gottfredson describe the major characteristics that define individuals with and without
self-control (1990). Individuals with low self-control are impulsive, insensitive,
physical (as opposed to mental), risk-taking, short sighted, and nonverbal, and they will
tend therefore to engage in criminal and analogous acts. (Hirschi & Gottfredson, 1990)
People with characteristics of low self-control may be more likely to participate in
deviant acts because they want immediate gratification. As compared to individuals who
lack self-control, individuals with self-control are able to delay immediate gratification
and are more likely to be vigilant, emotional, verbal, and long-term orientated (Hirschi &
Gottfredson, 1990). Individuals who possess characteristics of self-control may be better
able to appreciate the consequences of participating in deviant acts and have the control
necessary to delay their gratification. In conclusion, those who lack self-control are more
likely to possess characteristics such as impulsivity and short-sightedness, that make
crime and its immediate gratification more attractive to them, as compared to those who
possess characteristics of high self-control such as being cautious and long-term
orientated.
This brings up an important question, does an individuals level of self-control
develop over time or is someone born with one level of self-control that remains the same
throughout his or her lifetime. According to Hirschi and Gottfredson individuals are not
born with one certain level of self-control, rather they learn self-control most often
through their parents (Hirschi & Gottfredson, 1990). An individual does not have only
one level of self-control, as they grow older they may develop a different level of selfcontrol then when they were younger. However, they do suggest that, individual
Cybercrime 28
differences may have an impact on the prospects for effective socialization (Hirschi &
Gottfredson, 1990). For example, individuals with mental health problems may have a
higher probability of not being effectively socialized. The authors believed that selfcontrol is learned through life, but especially while you are a child.
The authors also addressed why some individuals possess characteristics of selfcontrol. They suggest that individuals develop characteristics of self-control as a result of
their upbringing (Hirschi & Gottfredson, 1990). While parents do not intentionally teach
their children to not have self-control, the authors suggest that in order to teach the child
self-control, someone must (1) monitor the childs behavior; (2) recognize deviant
behavior when it occurs; and (3) punish such behaviorall that is required to activate the
system is affection for or investment in the child. (Hirschi & Gottfredson, 1990) They
suggest that a deficiency in any one of these categories will inadvertently allow the child
to develop characteristics of low self-control (Hirschi & Gottfredson, 1990).
Characteristics of low self-control can be the result of ineffective parenting. Low selfcontrol makes crime more attractive to individuals who possess learned characteristics
such as impulsivity and lack of responsibility. Good parenting is important in developing
individuals who possess high levels of self-control, however good parenting can only
occur if parents care about their children and are able to monitor, recognize, and
effectively punish their children for deviant behavior.
Self-control theory has been the subject of many empirical studies, which have
attempted to test the validity of the theory in explaining crime (Pratt & Cullen 2000;
Pratt, Turner & Piquero 2004; Perrone, Sullivan, Pratt, & Margaryan 2004; Turner,
Piquero, & Pratt 2005; Reisig &Pratt 2011; Deng & Zheng 1998). In 2000, Pratt and
Cybercrime 29
Cullen conducted a meta-analysis of empirical studies of self-control theory in order to

determine whether empirical studies support the proposal that low self-control can predict
criminal or deviant behavior. After analyzing twenty-one empirical studies which
included tests for self-control, they found that the lack of self-control is a strong predictor
of involvement in criminal or other negative behaviors (Pratt & Cullen, 2000). Selfcontrol is useful in explaining why some individuals participate in criminal behaviors
while others do not. These researchers also found that self-control is not the only
predictor of deviant behavior, but that variables from social learning theory are also
useful in explaining an individuals participation in deviant activities (Pratt & Cullen,
2000). Criminal behavior cannot be explained entirely by one theory; it requires the
intersection of various theories. In conclusion empirical studies have generally found
support for self-control theory as an important factor in predicting criminal activity.
Some researchers have extended self-control theory to the study of why some
individuals commit cybercrimes or participate in deviant cyber behavior. For example,
researchers have applied self-control to the study of why some individuals participate in
online piracy (Higgins & Makin 2004; Higgins 2005; Higgins, Wolfe & Marcum 2008;
Morris & Higgins 2009; Moon, McCluskey & McCluskey 2010). One empirical study of
358 college student found that individuals who possessed characteristics of low levels of
self-control, such as impulsivity, were likely to commit acts of digital piracy (Higgins,
Wolfe, & Marcum, 2008). Individuals who possess characteristics of low levels of selfcontrol are likely to participate in deviant behavior both on and offline because of their
desire of immediate gratification. Another research study applying self-control theory to
the study of cybercrime found that individuals with low levels of self-control were more
Cybercrime 30
likely to view online pornography than individuals with high levels of self-control
(Buzzell, 2006). Empirical studies such as these show that self-control theory can be
useful in helping to explain the cyber deviance. These applications of self-control theory
can help researchers and policy makers better understand why individuals participate in
deviant online behavior and suggest possible ways to combat this growing problem.
Researchers have also extended self-control theory to the study of victimization in
order to describe why some people are more likely to be a victim of cybercrime than
others. A 2010 study of college students found that students who identified
characteristics of low levels of self-control were more likely to engage in behavior that
increased their likelihood of becoming victims of fraud (Holtfreter, Reisig, Piquero &
Piquero, 2010). Individuals with low levels of self-control are more likely to place
themselves in situations where they might be victimized. Furthermore, they found that
there is overlap in fraud offending and victimization exposure (Holtfreter, Reisig,
Piquero & Piquero, 2010). Individuals who lack self-control and participate in deviant
behavior are more likely to experience victimization. Extending self-control theory to the
study of victimization can make the theory more useful because it can not only explain
why some individuals are more likely to commit crimes, but also why some individuals
are more likely to become victims of crime.
This extended theory of self-control explains why some individuals are more
likely to be victims and has been applied to the study of cybercrime. For example, an
empirical study of college students found that people with characteristics of low selfcontrol, such as impulsivity, perceived they were at a higher risk of theft victimization,
but did nothing to change their behavior (Reisig, Pratt, & Holtfreter, 2009). Even people
Cybercrime 31
who possess low levels of self-control can perceive the risks of online victimization;
however, they are less likely than individuals with high levels of self-control to change
their behavior to decrease their likelihood of being victimized online. Some empirical
research that has been conducted on cybercrime victimization shows that self-control
theory can be useful in helping to explain why some individuals become victims of cyber
criminals. This will help researchers and policy makers develop possible ways to combat
this growing problem. Self-control theory can be useful in explaining victimization, both
in the real world and in the cyber world.
Empirical studies have shown that self-control theory is useful in explaining why
some individuals are more likely to participate in deviant behavior, as well as why some
individuals are more likely to be victimized (Pratt & Cullen 2000; Pratt, Turner &
Piquero 2004; Perrone, Sullivan, Pratt, & Margaryan 2004; Turner, Piquero, & Pratt
2005; Reisig &Pratt 2011; Deng & Zheng 1998; Holtfreter, Reisig, Piquero & Piquero
2010). However, while self-control theory is useful in explaining why individuals may
act in a certain way, it does not explain the situations that must be met for a crime to
occur. Routine activity theory describes the situational factors that must be present for a
crime to occur. In conjunction with self-control theory, routine activity theory can help
explain why cybercrime occurs, indeed some researchers have already begun to look at
using self-control and routine activity theory together to explain victimization (Holtfreter,
Reisig, & Pratt, 2008). For example, scholars found that as a result of remote purchasing
activities, individuals with low self-control have an increased possibility of being the
victim of fraud (Holtfreter, Reisig & Pratt, 2008). An individuals low self-control
combined with his or her regular activities can increase an individuals risk of being
Cybercrime 32
victimized. Self-control, in conjunction with routine activity theory, may prove a useful
model for explaining cybercrime victimization.
In conclusion, self-control is a useful theory that can be expanded to the study of
cybercrime. Self-control theory explains why some individuals are more likely to
participate in crime and other negative behaviors. Individuals with low self-control tend
to be impulsive, short-sighted, and to want the immediate gratification that comes from
crime or other activities. Their lack of self-control is the result of their upbringing.
Empirical studies of self-control theory find that an individuals level of self-control is an
important predictor of his or her participation in deviant behavior. Self-control theory can
also help to explain why some individuals are more likely to be victimized. This theory
can be applied to the study of why some individuals are more likely to commit
cybercrimes and/or to be the victims of cybercrime. Self-control theory is a good theory
for explaining individual behavior; however, it may not be enough to explain the
phenomenon of cybercrime.
Routine Activity Theory
Self-control theory on its own is not enough to fully explain the cybercrime
victimization phenomenon. However, in conjunction with other theories, such as routine
activity theory, researchers can develop a better model to explain cybercrime
victimization. Routine activity theory was first proposed by Lawrence Cohen and Marcus
Felson in 1979 in their article Social Change and Crime Rate Trends: A Routine Activity
Approach. Routine activity theory believes that, Crime occurs when there is an
intersection in time and space of a motivated offender, an attractive target, and a lack of
capable guardianship. (Cullen & Agnew, 2006) This paper will discuss the basic
Cybercrime 33
elements of routine activity theory. Then this section will review empirical studies that
have applied routine activity theory to the study of cybercrime victimization, and will
discuss the results of applying this theory to the study of cybercrime.
In their article Cohen and Felson described three necessary circumstances that
needed to be met in order for a crime to take place. Unlike many theories that focused on
why people commit crimes, the authors argued that motivation is commonplace,
however, in order for a crime to take place there needs to be concurrence in time and
space of an offender with both criminal inclinations and the ability to carry out those
inclinations, a person or object providing a suitable target for the offender, and absence
of a guardian capable of preventing violations. (Cohen & Felson, 1979) It does not so
much matter why individuals are motivated to commit crimes, what matters is that an
individual with the inclination to commit a crime is in the right place to move against his
or her target at the right time when there is no one around to stop the offender. The
authors also argued that the absence of any one of the conditions would be sufficient to
prevent a crime from occurring (Cohen & Felson, 1979). If an individual is motivated to
steal an object from a victims house, but there is always someone home, then the
offender will be unable to commit the crime. In sum, according to routine activity theory
a crime can only occur if there is an offender, a suitable target, and no guardians around
to protect the target.
The authors also addressed what makes a suitable target. They identified four
items: value, physical visibility, access, and inertia that are likely to affect target
suitability (Cohen & Felson, 1979). These logically make sense, for example, if a thief
wants to steal something they have to know that it is there in the first place, thus physical
Cybercrime 34
visibility would be important to deciding the suitability of a target. Access, is also

important for deciding the suitability of a target (Cohen & Felson, 1979). The easier it is
to access an object, for example, if a house is left unlocked it is much easier to gain
access into it then it is to gain access into a house that is locked. The authors found that
high value items, such as cars and electronics, were more likely to get stolen (Cohen &
Felson, 1979). If thieves are going to make the effort to steal something, for which there
is always the possibility that they will be punished, they are going to steal items that are
worth the most money. The authors also found that the weight and size of the object,
which they called inertia, affects target suitability (Cohen & Felson, 1979). The smaller
and lighter an object is, the easier it is to steal. In conclusion, routine activity theory
identifies characteristics of objects and people that make these objects and people suitable
targets, namely their value, their physical visibility, the access an offender has to them,
and the size and weight of the target.
Researchers have begun to expand routine activity theory to the study of
cybercrime victimization. In one study of college students, researchers examined the
applicability of applying routine activity theory to the study cybercrime and found that
students that disregard their participation in online activities and do not use computersecurity software are more likely to be victimized (Choi, 2008). People who overlook the
riskiness of their behavior are unlikely to protect themselves by curbing their behavior or
using protective guardians and thus are more likely to be victimized. Another study
testing the applicability of routine activity theory to the study cybercrime found that the
number of hours a student spent on online communication sites, such as chat-rooms, and
his or her engagement in computer crime impacted the students risk of cyber
Cybercrime 35
victimization (Holt & Bossler, 2008). People whose regular activities place them in
situations where they have the possibility of interacting with offenders are at an increased
risk of being victimized. Researchers have found some support for applying routine
activity theory to the study of cybercrime.
Several studies have been conducted using routine activity theory in order to
study cybercrime victimization (Marcum, Higgins & Ricketts 2010; Henson, Reyns &
Fischer 2011; Holt & Bossler 2008; Holtfreter, Reisig, & Pratt 2008, Pratt, Holtfreter, &
Reisig 2010). For example, two empirical studies of college students found that students
who used online communication sites, such as chat rooms, had an increased probability
of being victimized (Marcum, Higgins & Ricketts 2010; Holt & Bossler 2008).
Individuals who communicate with others online as part of their routine activity are more
likely to experience online victimization then individuals who do not use online
communication. In another empirical study of college students, the researchers found that
individuals with multiple social networking accounts had a greater probability of
suffering interpersonal victimization, including online harassment (Henson, Reyns &
Fischer, 2011). Individuals who routinely used multiple social networking sites are more
likely to be cyber victims because they are more likely to come into contact with online
offenders. Many studies have found evidence that provides support for using routine
activity theory in the study of cybercrime victimization.
However, despite the research that has found evidence supporting the use of
routine activity theory in the study of cybercrime victimization, there are some
researchers that have argued that routine activity theory cannot be applied to the study of
cybercrime victimization (Yar, 2005). In one study, Yar argued that some aspects of
Cybercrime 36
routine activity theory if adapted could possibly be applied to the study of cybercrime;
however, he also found evidence suggesting that because of the difference in time and
space in the cyber world vs. the real world that routine activity theory could not be
applied to the study of cybercrime (2005). The nature of the internet can challenge the
applicability of routine activity theory to the study of cybercrime because unlike the
terrestrial world, time and space does not exist in the same way in the cyber world. Yar
argues that because cybercrime exists in a world without any physical or time constraint,
it is a new form of crime, and thus requires new and modified theories to explain it
(2005). The unstructured nature of cybercrime makes it difficult to explain using
traditional crime theories, such as routine activity theory. Researchers have suggested
that routine activity theory cannot be used to explain cybercrime because one of the
major tenets of routine activity theory, the convergence in time and space, does not occur
in cybercrime.
In conclusion, researchers have found evidence supporting and not supporting the
expansion of routine activity theory to the study of cybercrime. Routine activity theory,
in conjunction with other theories, may help to explain cybercrime victimization. After
all, the internet provides a means where attractive targets, such as people and valuables,
are easy to access by offenders. And the free-flowing nature of the internet also makes it
difficult to monitor and control, therefore eliminating capable guardianship. Future
studies of cybercrime victimization may draw benefit from using both routine activity
theory and self-control theory to explore the problem.
In sum, researchers have expanded both self-control theory and routine activity
theory to the study of cybercrime and cybercrime victimization. Self-control theory
Cybercrime 37
provides valuable insight into why offenders may participate in cybercrime, as well as
why some individuals may be more likely to be victimized by cybercrime. Routine
activity theory explores the situations necessary for a crime to occur and how an
individuals regular activities may put him or her at greater risk of being a cybercrime
victim. Researchers have also begun to look at the using both these theories together to
help explain the cybercrime victimization. Both of these theories hold promise for the
study of cybercrime and cybercrime victimization in the future.
AREAS FOR FUTURE RESEARCH
Cybercrime and cybercrime victimization is a growing problem that will continue
to face legislators and law enforcement agents well into the future. As the problem grows
so will the need to better understand it so that we can develop programs to combat it. This
paper has discussed the application of two crime theories which have already been
applied to the study of cybercrime. However, there are still many areas where further
research still needs to be conducted.
One area that merits future research is the expansion of these studies to more
varied samples. Most of the empirical studies reviewed by this paper surveyed college
students about their involvement in cybercrime and cybercrime victimization. Using
college students can provide an important look into the phenomenon because most
college students regularly use computers and the internet. This regular computer use, as
well as students computer skills, means that college students have the access and ability
to commit cybercrimes and they may be at higher risk for being victimized online.
College students are an important demographic in the study of cybercrime, however they
do not represent the whole picture. College students are a self-selected group of
Cybercrime 38
individuals therefore future research needs to be conducted among other groups to

determine if findings from studies on college students can truly be generalized to the
entire population.
A second area for future research is the study of business cyber victimization.
There have been very few research studies examining cybercrimes and business. The
Bureau of Justice Statistics conducted the National Security Survey which measured the
prevalence of business cybercrime victimization (Rantala, 2008). However, this survey
did not examine issues of why some businesses experienced cybercrime victimization,
leaving scholars with future research possibilities. For example, researchers could
examine whether certain business practices, such as online banking, make some business
more attractive to offenders? Most current cybercrime research has studied what makes
certain individuals more at risk for cybercrime victimization. However, if researchers
expand their research to the study of business victimization, it would be possible to learn
what makes certain businesses more susceptible to cybercrime victimization and point to
possible practices that might reduce a businesss likelihood of being victimized.
As researchers have attempted to explain cybercrime they have turned to
traditional crime theories such as self-control theory. Their application of self-control
theory has shown that this theory holds promise for explaining cybercrime. These studies
have found that individuals with characteristics of low self-control are likely to
participate in nonviolent online crimes such as online piracy and pornography. However,
research needs to be conducted to determine if individuals with characteristics of low
self-control are just as likely to participate in violent online crimes such as online
harassment as they are to participate in nonviolent online crimes?
Cybercrime 39
Researchers have also applied self-control theory to the study of cyber

victimization. These studies found that individuals with characteristics of low self-control
are more likely to place themselves in situations where they are vulnerable to
victimization from crimes such as fraud and those individuals did little to protect
themselves from this victimization. Again more research should be conducted in this area
to expand self-control theory to the study of other types of cyber victimization.
Furthermore, Hirschi and Gottfredson said that characteristics of low self-control
are a result of ineffective parenting (1990). The nature of the internet makes it difficult
for parents to monitor their childrens behavior and as a result they are not able to correct
the behavior. Does this result in children developing further characteristics of low selfcontrol? Researchers could explore the influence of the internet on effective parenting.
There are still several areas of cybercrime research to which self-control can be applied.
Further research into using routine activity theory in the study of cybercrime
victimization is also justified. As this paper has shown, there is some disagreement as to
whether routine activity theory can be applied to the study of cybercrime. This
disagreement arises as to whether or not the convergence in time and space of an offender
and a victim is absolutely necessary for routine activity theory to function. Scholars need
to conduct more research into this area to examine whether routine activity theory can be
applied to the study of cybercrime and what answers this application can offer us. Some
scholars say that routine activity theory can be applied to the study of cybercrime, others
disagree. Further applications of this theory would help to establish the validity of
applying routine activity theory to online victimization.
Cybercrime 40
Researchers have also begun to use routine activity theory to study cyber
victimization. Their application of routine activity theory has shown that this theory holds
promise for explaining cyber victimization. These studies found that an individuals
routine activities, such as the number of social networking sites he or she uses and an
individuals use of online communication, increases his or her likelihood of victimization
for both violent and nonviolent cybercrimes. However, researchers have not addressed
aspects of routine activity theory such as inertia and physical visibility (Cohen & Felson,
1979). Cohen and Felson argued that physical visibility and inertia were important
aspects in determining target suitability (1979). The internet, however, is often
anonymous. Someone may post an add on craigslist and post pictures, but there is not
guarantee you will get what you are buying until you actually see it in the terrestrial
world. Adults can pose as teenagers on chat rooms in order to connect with children.
Research has not been conducted to determine how individuals on the internet determine
whether their target is really what they think it is and how they determine its true value as
a target. Future research applying routine activity theory to the study of cyber
victimization should explore these issues.
Some researchers have also examined the applicability of using both self-control
theory and routine activity theory to the study of cybercrime victimization. This research
found evidence that suggests that together these theories can help scholars better
understand fraud victimization (Holtfreter, Reisig & Pratt, 2008). Researchers should
expand these findings to the study of other cyber victimizations besides fraud, in order to
determine the applicability of using both of these theories in conjunction to study online
victimization.
Cybercrime 41
Scholars should also expand cybercrime research by applying other crime theories
to the study of cybercrime. Self-control theory and routine activity theory are not the only
theories that criminologists have developed to explain crime and these other crime
theories could be expanded to the study of online crime to help explain an individuals
participation in deviant acts and why some individuals are more likely to be victimized.
Theories that hold promise for the study of cybercrime include strain theory and social
learning theory. Strain theory maintains that when an individual cannot achieve his or her
goals, he or she experiences strain and as a result they may turn to crime (Cullen &
Agnew, 2006). Researchers could study whether an individuals strain in the real world
affects their deviant behavior in the virtual world. For example, if an individual feels
strain because he or she has not achieved financial success and cannot afford the latest
software, might he or she turn to pirating it? Social learning theory believes that crime is
learned through association with deviant peers (Cullen & Agnew, 2006). Some research
has already shown that there is a relationship between the number of deviant peers an
individual has and his or her participation in music piracy (Hinduja & Ingram, 2009). But
researchers could examine whether social learning theory applies to all types of
cybercrimes or just certain cybercrimes. For example, does social learning theory help
explain the influence of deviant online peers on violent online crimes as well as it can
explains online nonviolent crimes, such as piracy and theft? Expanding these theories
could help to explain the growing cybercrime problem, as these theories suggest other
variables that might influence an individuals likelihood of either committing or being a
victim of cybercrime.
Cybercrime 42
Further research could also study the results of victims interaction with law
enforcement agencies. Victims can report their victimization to the IC3, as well as other
state and federal organizations. However, not a lot of research has been conducted to
determine whether individuals are satisfied with the way their case is handled. For those
who suffer financial losses as a result of their victimization we do not know if they are
able to recover all, part, or none of their losses? This type of research could provide a
better look at the victims of cybercrime. It also could help policy makers and law
enforcement agencies better address the needs of victims. Future research into cybercrime
victimization could explore issues that victims face after they have been victimized.
In conclusion, scholars have only really begun to examine the cybercrime issue
over the last decade. While much research has been conducted in this area, there are still
many areas where future research needs to be conducted. Researchers need to test their
findings using larger more representative samples to better establish the generalizability
of their findings. There are many areas that researchers could apply self-control and
routine activity theory. Further research should be conducted examining the effectiveness
of using both of these theories to study cybercrime victimization. Criminologists must
also examine the applicability of other crime theories, such as strain and social learning
theory to the study of cybercrime so that the problem can be better understood.
Opportunities also exist for researchers to examine business victimization, as well as,
victim interaction with law enforcement. These areas for future research are just some of
the unexplored areas that researchers still need to examine in the quest to understand this
phenomenon. Cybercrime research will be important to our understanding of crime as our
society becomes more and more dependent on technology.
Cybercrime 43
CONCLUSION
Computers and the internet have become common place in todays society. This
new technology has resulted in the development of a new form of crime, cybercrime.
This paper has provided a background to the cybercrime problem and has reviewed two
theories that have been applied to the study of cybercrime and cyber victimization. It has
reviewed current legislation on cybercrime, current law enforcement responses to
cybercrime, and classified different forms of cybercrime. As well as looked at the trends
of cybercrime to determine the importance of studying cybercrime.
Both the Federal government and the various state governments have developed
legislation which defines cybercrimes, establishes jurisdiction, and provides the legal
base for prosecuting such crimes. Various Federal agencies have departments that deal
with computer crimes ranging from computer intrusions to intellectual property theft.
This paper has also reviewed various cybercrimes and classified these crimes into three
general categories, crimes against the computer, crimes where the computer is the tool
used to commit the crime, and crimes where the computer is just incidental to the crime
(Brenner, 2004). Furthermore, this paper has examined the current level of cyber
victimization for both businesses and individuals. Cyber victimization affects many
individuals and businesses in the United States and this problem seems to have increased
as the use of computers and the internet has increased over the last decade.
After reviewing the current state of cybercrime in the United States, this paper
examined the application of self-control and routine activity theory to the study of
cybercrime. Both self-control and routine activity theory can be applied to the study of
computer crime and victimization. Finally this paper ends with some suggestions for
Cybercrime 44
areas of future research, such as expanding current studies to other populations,

evaluating the problem using other theories, and further examining research into the
susceptibility of businesses to cyber victimization.
This paper has provided a look at what we know about cybercrime and
victimization a little more than a decade into the new century. This information can be
used to develop research questions to address what we do not know about this form of
crime and victimization. As the use of computers and the internet becomes further
engrained into our society this problem will continue to face legislators and law
enforcement officials. The fluidity of technology will make it difficult to develop
programs and policies to help protect people. Cybercrime research will be an important
area of study for future criminologist as we move farther into the digital age, who knows,
there may be a day in the far future when the number of cybercrimes committed
outweighs the number of traditional crimes committed.
ACKNOWLEDGEMENTS
The author would like to thank Dr. Min Xie for all of her suggestions to the
author on how to write and improve this paper. The author would also like to thank Dr.
Travis Pratt and Dr. Phillip Stevenson for reading this paper and providing the author
with suggestions for how to improve it. Dr. Travis Pratt has done important research
work in this area providing valuable contributions to the study of self-control theory, as
well as applying self-control and routine activity theory to the study of cybercrime. Dr.
Phillip Stevenson is the Director of the Statistical Analysis Center at the Arizona
Criminal Justice Commission and has helped the author improve her writing skills by
allowing her to help write reports for Statistical Analysis Center. The author would also
Cybercrime 45
like to thank Shana Malone from Arizona Criminal Justice Commissions Statistical
Analysis Center for reading this paper and providing suggestions for its improvement.
REFERENCES
Arizona Revised Statutes 13-2316. Computer tampering; venue; forfeiture;
classification. Retrieved February 15, 2012, from
http://www.azleg.state.az.us/FormatDocument.asp?inDoc=/ars/13/02316.htm&Tit
le=13&DocType=ARS
Brenner, S. (2004). U.S. cybercrime law: Defining offenses. Information Systems
Frontiers, 6(2), 115-132.
Buzzell, T., Foss, D., & Middleton, Z. (2006). Explaining use of online pornography: A
test of self-control theory and opportunities for deviance. Journal of Criminal
Justice and Popular Culture, 13(2), 96-116. Retrieved December 27, 2011, from
http://www.albany.edu/scj/jcjpc/vol13is2/Buzzell.pdf
Choi, K.(2008) Computer crime victimization and integrated theory: An empirical
assessment. International Journal of Cyber Criminology, 2(1), 308-333.
Cohen, L., & Felson, M. (1979). Social change and crime rate trends: A routine activity
approach. In F. Cullen & R. Agnew (Eds.), Criminological Theory Past to
Present: Essential Readings (pp. 427-442). New York, NY: Oxford University
Press.
Cullen, F., & Agnew, R. (2006). Criminological theory: past to present essential
readings. (3rd ed., pp. 5-8). New York, NY: Oxford University Press.
Deng, X., & Zhang, L. (1998). Correlates of self-control: An empirical test of self-control
theory. Journal of Crime and Justice, 21(2), 89-110.
Cybercrime 46
Federal Bureau of Investigation, Cyber Crime Division. Computer intrusions. Retrieved

November 28, 2011from http://www.fbi.gov/aboutus/investigate/cyber/computer-intrusions
Federal Bureau of Investigation, Cyber Crime Division. Innocent images: Online child
pornography/child sexual exploitation investigations. Retrieved December 27,
2011, from http://www.fbi.gov/stats-services/publications/innocent-images-1
The Federal Bureau of Investigation, Cyber Crime Division. Intellectual property theft.
Retrieved December 27, 2011, from: http://www.fbi.gov/aboutus/investigate/cyber/ipr
The Federal Bureau of Investigation and the National White Collar Crime Center.
Internet crime complaint center. Retrieved November 14, 2011, from
http://www.ic3.gov/default.aspx
The Federal Bureau of Investigation, Internet Crime Complaint Center. (2010). 2010
internet crime report. Retrieved November 14, 2011, from
http://www.ic3.gov/media/annualreport/2010_IC3Report.pdf
Gordon, S., & Ford, R. (2002). Cyberterrorism?. Computers & Security, 21(7), 636-647.
Henson, B., Reyns, B. W., & Fischer, B. S. (2011). Security in the 21st century:
Examining the link between online social network activity, privacy, and
interpersonal victimization. Criminal Justice Review, 36(3), 253-268. Retrieved
October 12, 2011, from
http://cjr.sagepub.com.ezproxy1.lib.asu.edu/content/36/3/253
Higgins, G. E. (2005). Can low self-control help with the understanding of the software
piracy problem?. Deviant Behavior, 26, 1-24.
Cybercrime 47
Higgins, G. E., & Makin, D. A. (2004). Self-control, deviant peers, and software piracy.
Psychological Reports, 95, 921-931.
Higgins, G. E., Wolfe, S. E., & Marcum, C. D. (2008). Digital piracy: An examination of
three measurements of self-control. Deviant Behavior, 29(5), 440-460.
Hinduja, S., & Ingram, J. R. (2009). Social learning theory and music piracy: The
differential role of online and offline peer influence. Criminal Justice Studies,
22(4), 405-420.
Hirschi, T., & Gottfredson, M. (1990). A general theory of crime. In F. Cullen & R.
Agnew (Eds.), Criminological Theory: Past to Present Essential Readings (pp.
228-240). New York, NY: Oxford University Press.
Holt, T. J., & Bossler, A. M. (2008). Examining the applicability of life-style routine
activities theory for cybercrime victimization. Deviant Behavior, 30(1), 1-25.
Holtfreter, K., Reisig, M., Piquero, N., & Piquero, A. (2010). Low self-control and fraud:
Offending, victimization, and their overlap. Criminal Justice and Behavior, 37(2),
188-203.
Holtfreter, K., Reisig, M., & Pratt, T. (2008). Low self-control, routine activities, and
fraud victimization. Criminology, 46(1), 189-218.
Kleinrock, L. (2008). History of the internet and its flexible future. IEEE Wireless
Communications, 15(1), 8-18.
Marcum, C. D., Higgins, G. E., & Ricketts, M. L. (2010). Potential factors of online
victimization of youth: An examination of. Deviant Behavior, 31(5), 381-410.
Moon, B., McCluskey, J. D., & McCluskey, C. P. (2010). A general theory of crime and
computer crime: An empirical test. Journal of Criminal Justice, 38, 767-772.
Cybercrime 48
Morris, R. G., & Higgins, G. E. (2009). Neutralizing potential and self-reported digital
piracy: a multi-theoretical exploration among college undergraduates. Criminal
Justice Review, 34(2), 173-195. Retrieved October 12, 2011, from
http://cjr.sagepub.com.ezproxy1.lib.asu.edu/content/34/2/173.full.pdf+html
Neilson Ratings. (2011). Top ten global web parent companies, home and work.
Retrieved February 24, 2012, from
http://www.nielsen.com/us/en/insights/top10s/internet.html
Perrone, D., Sullivan, C.J., Pratt, T.C., & Margaryan, S. (2004). Parental efficacy, selfcontrol, and delinquency: A test of a general theory of crime on a nationally
representative sample of youth. International Journal of Offender Therapy and
Comparative Criminology, 48, 298-312.
Pratt, T.C & Cullen, F.T. (2000). The empirical status of Gottfredson and Hirschis
general theory of crime: A meta-analysis. Criminology, 38, 931-964.
Pratt, T., Holtfreter, K., & Reisig, M. (2010). Routine online activity and internet fraud
targeting: Extending the generality of routine activity theory. Journal of Research
in Crime and Delinquency, 47(3), 267-296.
Pratt, T.C., Turner, M.G., & Piquero, A.R. (2004). Parental socialization and community
context: A longitudinal analysis of the structural sources of low self-control.
Journal of Research in Crime and Delinquency, 41, 219- 243.
Rantala, R. U.S. Department of Justice, Bureau of Justice Statistics. (2008). Cybercrime
against businesses, 2005. Retrieved October 12, 2011, from website:
http://bjs.ojp.usdoj.gov/content/pub/pdf/cb05.pdf
Reisig, M.D. & Pratt, T.C. (2011). Low self-control and imprudent behavior revisited.
Cybercrime 49
Deviant Behavior, 32(7), 589-625.

Reisig, M. D., Pratt, T. C., & Holtfreter, K. (2009). Perceived risk of internet theft
victimization: examining the effects of social vulnerability and financial
impulsivity. Criminal Justice and Behavior, 36, 369-384.
Siobhan, G. & Yochi J.D. (2009). Obama to create Cyber Czar job The Wall Street
Journal Retrieved February 24, 2012, from
http://online.wsj.com/article/SB124355914259564961.html
Straub, D. W., & Collins, R. W. (1990). Key informational liability issues facing
managers: Software piracy, proprietary databases, and individuals right to
privacy. MIS Quarterly, 14(2), 143-156.
Turner, M.G., Piquero, A.R., & Pratt, T.C. (2005). The school context as a source of low
self-control. Journal of Criminal Justice, 33(4), 327- 339.
U.S. Department of Homeland Security, National Cyber Security Division. National
cyber security division. Retrieved October 17, 2011, from website:
http://www.dhs.gov/xabout/structure/editorial_0839.shtm
U.S. Department of Homeland Security, National Cyber Security Division.
Cybersecurity. Retrieved October 17, 2011, from
http://www.dhs.gov/files/cybersecurity.shtm
United States Secret Service, Electronic Crimes Task Force. Electronic crimes task
forces and working groups. Retrieved November 28, 2011, from
http://www.secretservice.gov/ectf.shtml
USA patriot act (h.r. 3162). (2001, October 24). Retrieved November 28, 2011, from
http://epic.org/privacy/terrorism/hr3162.html
Cybercrime 50
Yar, M. (2005) The novelty of cybercrime: An assessment in light of routine activity

theory. European Journal of Criminology, 2 (4), 407-427.
Cybercrime 51

An Examination of Cybercrime and Cybercrime Research Selfcontrol and Routine

Hochgeladen von

Dokumentinformationen

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

An Examination of Cybercrime and Cybercrime Research Selfcontrol and Routine

Hochgeladen von

Copyright:

Verfügbare Formate

An Examination of Cybercrime and Cybercrime Research: Self-control and Routine

Federal Laws .................................................................................7

State Laws ......................................................................................9

3.2 Cybercrime Law Enforcement Agencies ................................................11

Business Cyber Victimization ......................................................20

Individual Cyber Victimization ...................................................22

In this examination I will review current legislation on cybercrime, current law

In conclusion, the development and growth of cybercrimes in recent years have

between states differ, legislators in every state recognize cybercrime legislation as an

Department of Justice, has conducted a national survey of businesses to determine, the

In their book, A General Theory of Crime, Travis Hirschi and Michael

Cullen conducted a meta-analysis of empirical studies of self-control theory in order to

visibility would be important to deciding the suitability of a target. Access, is also

individuals therefore future research needs to be conducted among other groups to

Researchers have also applied self-control theory to the study of cyber

areas of future research, such as expanding current studies to other populations,

Federal Bureau of Investigation, Cyber Crime Division. Computer intrusions. Retrieved

Deviant Behavior, 32(7), 589-625.

Yar, M. (2005) The novelty of cybercrime: An assessment in light of routine activity

Das könnte Ihnen auch gefallen